git.baikalelectronics.ru Git - kernel.git/commit

author	Tom Lendacky <thomas.lendacky@amd.com>
	Thu, 10 Dec 2020 17:10:09 +0000 (11:10 -0600)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Tue, 15 Dec 2020 10:21:00 +0000 (05:21 -0500)
commit	af0c2261c7b303ff7fc7c88cb662e8c7c5f8bb62
tree	9f4f49bbc58f49c77ac0e4679b0094fa8ea04521	tree \| snapshot
parent	f40b1434a0e510c2052241204ea4469389684467	commit \| diff

KVM: SVM: Provide support to launch and run an SEV-ES guest

An SEV-ES guest is started by invoking a new SEV initialization ioctl,
KVM_SEV_ES_INIT. This identifies the guest as an SEV-ES guest, which is
used to drive the appropriate ASID allocation, VMSA encryption, etc.

Before being able to run an SEV-ES vCPU, the vCPU VMSA must be encrypted
and measured. This is done using the LAUNCH_UPDATE_VMSA command after all
calls to LAUNCH_UPDATE_DATA have been performed, but before LAUNCH_MEASURE
has been performed. In order to establish the encrypted VMSA, the current
(traditional) VMSA and the GPRs are synced to the page that will hold the
encrypted VMSA and then LAUNCH_UPDATE_VMSA is invoked. The vCPU is then
marked as having protected guest state.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <e9643245adb809caf3a87c09997926d2f3d6ff41.1607620209.git.thomas.lendacky@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>